Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Firebase authentication for private server

I am developoing a flutter app and want to use Firebase auth service to enable my users to signup/login using:

  • email/pass
  • google
  • facebook

I have a lumen backend REST server with MySQL database.

Problem: Going through loads of firebase documentation I cannot understand the whole flow of how this should work.

I can successfully create users using the app and they appear in the firebase console, however, I don't know how to enable them to securely talk to my backend server.

I would expect Firebase to release an access and refresh tokens for me to use for my private communication between the app and backend, like AWS cognito does. Instead, it issues an "ID Token" that is JWT token and should be verified on backend. But what do I do once it is verified?

How do I link my users in my database to the authenticated user? What is the thing to store in the database to map to the authenticated user?

Do I have to generate custom tokens via the Admin SDK?

Or is the ID Token the thing that should be passed from client to backend on each request and then verified? But still, what do I put from this ID token to my database to link the authenticated user with their data?

like image 667
Mantoska Avatar asked Sep 09 '18 11:09

Mantoska


People also ask

Can I use Firebase for authentication only?

You can use Firebase Authentication to allow users to sign in to your app using one or more sign-in methods, including email address and password sign-in, and federated identity providers such as Google Sign-in and Facebook Login.

How to do authentication in Firebase?

How does it work? To sign a user into your app, you first get authentication credentials from the user. These credentials can be the user's email address and password, or an OAuth token from a federated identity provider. Then, you pass these credentials to the Firebase Authentication SDK.

Is Firebase free for personal use?

Firebase offers a no-cost tier pricing plan for all its products. For some products, usage continues at no cost no matter your level of use. For other products, if you need high levels of use, you'll need to switch your project to a paid-tier pricing plan.

Does Firebase Auth work offline?

By enabling persistence, any data that the Firebase Realtime Database client would sync while online persists to disk and is available offline, even when the user or operating system restarts the app. This means your app works as it would online by using the local data stored in the cache.


1 Answers

Here's how I do it now. It works great.

  1. Install Firebase admin sdk on your backend server, if you are using php, here is what I've followed and worked flawlessly: PHP Firebase Admin sdk
  2. Aquire firebase idToken using firebase SDK in your client (app), I've used Firebase auth package for this.
  3. Send idToken to your backend
  4. Use Admin SDK to verify the idToken, if verification is successful it returns a Firebase user object. And you can perform various management actions on it (modify, delete, get different data etc.).
  5. Get uid from the Firebase user object.
  6. Store uid in your database.
  7. Now each time this authenticated user makes a request to your backend server, you attach the idToken to the header of the request.
  8. Each time you verify (see step 4) the idToken on your backend server and if the verification is successful you extract the uid to know which user to query in your database.

Any comments/improvements on this are welcome :)

like image 97
Mantoska Avatar answered Sep 17 '22 11:09

Mantoska